The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched.

  - php: buffer overflow in handling of long link names in tar phar archives (CVE-2016-2554)

  - php: Uninitialized read in exif_process_IFD_in_TIFF (CVE-2019-9641)

  - The ip2long function in PHP 5.1.4 and earlier may incorrectly validate an arbitrary string and return a     valid network IP address, which allows remote attackers to obtain network information and facilitate other     attacks, as demonstrated using SQL injection in the X-FORWARDED-FOR Header in index.php in MiniBB 2.0.
    NOTE: it could be argued that the ip2long behavior represents a risk for security-relevant issues in a way     that is similar to strcpy's role in buffer overflows, in which case this would be a class of     implementation bugs that would require separate CVE items for each PHP application that uses ip2long in a     security-relevant manner. (CVE-2006-4023)

Note that Nessus has not tested for these issues but has instead relied on the package manager's report that the package is installed.

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched.

  - php: buffer overflow in handling of long link names in tar phar archives (CVE-2016-2554)

  - php: Heap-based buffer over-read in mbstring regular expression functions (CVE-2019-9023)

  - Session fixation vulnerability in the Sessions subsystem in PHP before 5.5.2 allows remote attackers to     hijack web sessions by specifying a session ID. (CVE-2011-4718)

Note that Nessus has not tested for these issues but has instead relied on the package manager's report that the package is installed.

According to the versions of the php packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - Session fixation vulnerability in the Sessions     subsystem in PHP before 5.5.2 allows remote attackers     to hijack web sessions by specifying a session     ID.(CVE-2011-4718)

  - In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24     and 7.3.x below 7.3.11 in certain configurations of FPM     setup it is possible to cause FPM module to write past     allocated buffers into the space reserved for FCGI     protocol data, thus opening the possibility of remote     code execution.(CVE-2019-11043)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Version 5.5.3, 22 Aug 2013

Openssl: + Fixed UMR in fix for CVE-2013-4248.

Version 5.5.2, 15-Aug-2013

Core :

  - Fixed bug #65372 (Segfault in gc_zval_possible_root when     return reference fails).

    - Fixed value of FILTER_SANITIZE_FULL_SPECIAL_CHARS       constant (previously was erroneously set to       FILTER_SANITIZE_SPECIAL_CHARS value).

    - Fixed bug #65304 (Use of max int in array_sum).

    - Fixed bug #65291 (get_defined_constants() causes PHP       to crash in a very limited case).

    - Fixed bug #62691 (solaris sed has no -i switch).

    - Fixed bug #61345 (CGI mode - make install don't work).

    - Fixed bug #61268 (--enable-dtrace leads make to       clobber Zend/zend_dtrace.d).

DOM :

  - Added flags option to DOMDocument::schemaValidate() and     DOMDocument::schemaValidateSource(). Added     LIBXML_SCHEMA_CREATE flag.

OPcache :

  - Added opcache.restrict_api configuration directive that     may limit usage of OPcahce API functions only to     patricular script(s).

    - Added support for glob symbols in blacklist entries       (?, *, **).

    - Fixed bug #65338 (Enabling both php_opcache and       php_wincache AVs on shutdown).

Openssl :

  - Fixed handling null bytes in subjectAltName     (CVE-2013-4248).

PDO_mysql :

  - Fixed bug #65299 (pdo mysql parsing errors).

Phar :

  - Fixed bug #65028 (Phar::buildFromDirectory creates     corrupt archives for some specific contents).

Pgsql :

  - Fixed bug #62978 (Disallow possible SQL injections with     pg_select()/pg_update() /pg_delete()/pg_insert()).

    - Fixed bug #65336 (pg_escape_literal/identifier()       silently returns false).

Sessions :

  - Implemented strict sessions RFC     (https://wiki.php.net/rfc/strict_sessions) which     protects against session fixation attacks and session     collisions (CVE-2011-4718).

    - Fixed possible buffer overflow under Windows. Note:
      Not a security fix.

    - Changed session.auto_start to PHP_INI_PERDIR.

SOAP :

  - Fixed bug #65018 (SoapHeader problems with SoapServer).

SPL :

  - Fixed bug #65328 (Segfault when getting SplStack object     Value).

    - Added RecursiveTreeIterator setPostfix and getPostifx       methods.

    - Fixed bug #61697 (spl_autoload_functions returns       lambda functions incorrectly).

Streams :

  - Fixed bug #65268 (select() implementation uses outdated     tick API).

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to its banner, the version of PHP 5.5.x installed on the remote host is a version prior to 5.5.3.  It is, therefore, potentially affected by the following vulnerabilities : 

  - An error exists related to the 'Sessions' subsystem     that can allow an attacker to hijack the session of     another user. (CVE-2011-4718 / Bug #60491)

  - An error exists related to certificate validation, the     'subjectAltName' field and certificates containing NULL     bytes. This error can allow spoofing attacks.
    (CVE-2013-4248)

Note that this plugin does not attempt to exploit these vulnerabilities, but instead relies only on PHP's self-reported version number.

Session fixation vulnerability in the Sessions subsystem in PHP before 5.5.2 allows remote attackers to hijack web sessions by specifying a session ID.

The openssl_x509_parse function in openssl.c in the OpenSSL module in PHP before 5.4.18 and 5.5.x before 5.5.2 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408 .

The remote host is affected by the vulnerability described in GLSA-201408-11 (PHP: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in PHP. Please review the       CVE identifiers referenced below for details.
  Impact :

    A context-dependent attacker can cause arbitrary code execution, create       a Denial of Service condition, read or write arbitrary files, impersonate       other servers, hijack a web session, or have other unspecified impact.
      Additionally, a local attacker could gain escalated privileges.
  Workaround :

    There is no known workaround at this time.

The remote Solaris system is missing necessary patches to address security updates :

  - Session fixation vulnerability in the Sessions subsystem     in PHP before 5.5.2 allows remote attackers to hijack     web sessions by specifying a session ID. (CVE-2011-4718)

  - Unspecified vulnerability in the _php_stream_scandir     function in the stream implementation in PHP before     5.3.15 and 5.4.x before 5.4.5 has unknown impact and     remote attack vectors, related to an 'overflow.'     (CVE-2012-2688)

  - The SQLite functionality in PHP before 5.3.15 allows     remote attackers to bypass the open_basedir protection     mechanism via unspecified vectors. (CVE-2012-3365)

  - ext/soap/soap.c in PHP before 5.3.22 and 5.4.x before     5.4.13 does not validate the relationship between the     soap.wsdl_cache_dir directive and the open_basedir     directive, which allows remote attackers to bypass     intended access restrictions by triggering the creation     of cached SOAP WSDL files in an arbitrary directory.
    (CVE-2013-1635)

  - The SOAP parser in PHP before 5.3.23 and 5.4.x before     5.4.13 allows remote attackers to read arbitrary files     via a SOAP WSDL file containing an XML external entity     declaration in conjunction with an entity reference,     related to an XML External Entity (XXE) issue in the     soap_xmlParseFile and soap_xmlParseMemory functions.
    NOTE: this vulnerability exists because of an incorrect     fix for CVE-2013-1824. (CVE-2013-1643)

  - Heap-based buffer overflow in the php_quot_print_encode     function in ext/ standard/quot_print.c in PHP before     5.3.26 and 5.4.x before 5.4.16 allows remote attackers     to cause a denial of service (application crash) or     possibly have unspecified other impact via a crafted     argument to the quoted_printable_encode function.
    (CVE-2013-2110)

  - ext/xml/xml.c in PHP before 5.3.27 does not properly     consider parsing depth, which allows remote attackers to     cause a denial of service (heap memory corruption) or     possibly have unspecified other impact via a crafted     document that is processed by the xml_parse_into_struct     function. (CVE-2013-4113)

  - The openssl_x509_parse function in openssl.c in the     OpenSSL module in PHP before 5.4.18 and 5.5.x before     5.5.2 does not properly handle a '\0' character in a     domain name in the Subject Alternative Name field of an     X.509 certificate, which allows man-in-the-middle     attackers to spoof arbitrary SSL servers via a crafted     certificate issued by a legitimate Certification     Authority, a related issue to CVE-2009-2408.
    (CVE-2013-4248)

  - Integer overflow in the SdnToJewish function in jewish.c     in the Calendar component in PHP before 5.3.26 and 5.4.x     before 5.4.16 allows context-dependent attackers to     cause a denial of service (application hang) via a large     argument to the jdtojewish function. (CVE-2013-4635)

  - The mget function in libmagic/softmagic.c in the     Fileinfo component in PHP 5.4.x before 5.4.16 allows     remote attackers to cause a denial of service (invalid     pointer dereference and application crash) via an MP3     file that triggers incorrect MIME type detection during     access to an finfo object. (CVE-2013-4636)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched.

  - php: buffer overflow in handling of long link names in tar phar archives (CVE-2016-2554)

  - php: Uninitialized read in exif_process_IFD_in_TIFF (CVE-2019-9641)

  - The ip2long function in PHP 5.1.4 and earlier may incorrectly validate an arbitrary string and return a     valid network IP address, which allows remote attackers to obtain network information and facilitate other     attacks, as demonstrated using SQL injection in the X-FORWARDED-FOR Header in index.php in MiniBB 2.0.
    NOTE: it could be argued that the ip2long behavior represents a risk for security-relevant issues in a way     that is similar to strcpy's role in buffer overflows, in which case this would be a class of     implementation bugs that would require separate CVE items for each PHP application that uses ip2long in a     security-relevant manner. (CVE-2006-4023)

Note that Nessus has not tested for these issues but has instead relied on the package manager's report that the package is installed.

PHP versions earlier than 5.5.2 are affected by the following vulnerabilities : 

  - An error exists related to the 'Sessions' subsystem that can allow an attacker to hijack the session of another user. (CVE-2011-4718 / Bug #60491)

  - An error exists related to certificate validation, the 'subjectAltName' field and certificates containing NULL bytes. This error can allow spoofing attacks. (CVE-2013-4248)

ID	Name	Product	Family	Published	Updated	Severity
131592	EulerOS 2.0 SP2 : php (EulerOS-SA-2019-2438)	Nessus	Huawei Local Security Checks	12/4/2019	4/25/2023	critical
137966	EulerOS Virtualization 3.0.6.0 : php (EulerOS-SA-2020-1747)	Nessus	Huawei Local Security Checks	7/1/2020	4/25/2023	critical
198558	RHEL 6 : php (Unpatched Vulnerability)	Nessus	Red Hat Local Security Checks	6/3/2024	11/22/2024	critical
198511	RHEL 7 : php (Unpatched Vulnerability)	Nessus	Red Hat Local Security Checks	6/3/2024	11/22/2024	critical
131820	EulerOS 2.0 SP5 : php (EulerOS-SA-2019-2546)	Nessus	Huawei Local Security Checks	12/9/2019	4/25/2023	critical
69462	Fedora 19 : php-5.5.3-1.fc19 (2013-14998)	Nessus	Fedora Local Security Checks	8/25/2013	1/11/2021	medium
132184	EulerOS 2.0 SP3 : php (EulerOS-SA-2019-2649)	Nessus	Huawei Local Security Checks	12/18/2019	4/25/2023	critical
69402	PHP 5.5.x < 5.5.3 Multiple Vulnerabilities	Nessus	CGI abuses	8/21/2013	11/22/2024	high
70228	Amazon Linux AMI : php54 (ALAS-2013-224)	Nessus	Amazon Linux Local Security Checks	10/1/2013	4/18/2018	medium
77455	GLSA-201408-11 : PHP: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	8/30/2014	1/6/2021	high
80736	Oracle Solaris Third-Party Patch Update : php (cve_2013_4113_buffer_errors)	Nessus	Solaris Local Security Checks	1/19/2015	1/14/2021	critical
198485	RHEL 5 : php (Unpatched Vulnerability)	Nessus	Red Hat Local Security Checks	6/3/2024	11/22/2024	critical
6997	PHP 5.5.x < 5.5.2 Multiple Vulnerabilities	Nessus Network Monitor	Web Servers	8/21/2013	3/6/2019	medium

Detections

Analytics

Plugins Search

critical

critical

critical

critical

critical

medium

critical

high

medium

high

critical

critical

medium